Linux Online Advertisement
[ Register ]

[ Applications ]
[ Documentation ]
[ Distributions ]
[ Download Info ]
[ General Info ]
[ Book Store ]

Advertisement

[ Courses ]
[ News ]
[ People ]
[ Hardware ]
[ Vendors ]
[ Projects ]
[ Events ]
[ User Groups ]
[ User Area ]

Linux in a Nutshell, Fourth Edition

[ About Us ]
[ Home Page ]
[ Advertise ]

Advanced Linux Course
Linux Online's Course for Advanced Users: Linux, Wide Open
<<< Previous The Apache Web server Next >>>

Tweaking Apache

At this point, you now have a server running Apache that will be able to suit your needs for creating web applications with PHP and Perl, not to mention delivering static HTML pages, which it is able to do with little effort. However, there are a few things we should do to be able to run Apache efficiently and securely.

Get to Know Your httpd.conf File

As we've seen earlier, the main configuration file for Apache is httpd.conf. On our installation, it is located in /usr/local/apache/conf/. The changes we make to this file will effect how Apache runs, so before making any changes, it's best to create a backup. I usually just do:

cp httpd.conf httpd.conf.YYYMMDD

This will allow you to track any changes you've made to your Apache installation. For starters, one simple change we can make is to configure Apache so that it doesn't list the contents of a web directory if the visitor doesn't include a specific page or script in the URL. This is a small but important measure for increasing security. In httpd.conf find the following block:

# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
    Options Indexes FollowSymLinks MultiViews

Remove the word Indexes here. You should also remove word Indexes from the following block, in the line that starts:

Options MultiViews
: 
#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#

<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

This section controls the websites located in users' home directories. These are found at URLs that normally have a tilde (~) preceding a user name. (http://server/~bsmith/). Now visitors will not be able to see what's in the directory. They will get a standard 'Forbidden' directory. If you've seen these, you'll probably agree with me that these warnings are a little stark and harsh - but better safe than sorry. We can always customize our error and warning message. In order not to get this error message, the public directories on the web server must have an "index" file. Apache configuration by default only takes into account one possible index file, index.html. However, we may want to add other possible directory indexes. To do this, look for the following block:

#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.
#
<IfModule mod_dir.c>
    DirectoryIndex index.html 
</IfModule>

You can add other possible index files like index.php, index.cgi or even other names like main.html.

Apache Up and Running

At this point, you have apache up and running. Those who've followed our intermediate Linux course already know that Apache can be configured to run multiple web sites on the same machine. For more information about this, refer to the lesson on virtual hosts in our intermediate course.

<<< Previous Home Next >>>
Installation of mod_perl Up Keeping Your Linux System Secure


Comments: feedback (at) linux.org
Advertising: banners (at) linux.org
Copyright Linux Online Inc.
Compilation ©1994-2008 Linux Online, Inc.
All rights reserved.